Privacy Policy
Last updated: June 6, 2026
Outish is built on trust. This policy explains what we collect, why, who we share it with, and the choices you have. We collect as little as we can to run a safe, verified, real-life social app — and nothing for advertising.
1. Who we are
Outish ("Outish," "we," "us," or "our") provides a mobile application that lets verified members broadcast what they're doing in real life to their mutual friends. For privacy questions, contact us at support@outish.app.
2. Information we collect
We collect the following categories of information, and only what each feature needs to work:
Information you provide
- Phone number. Used to create your account and verify it by SMS. SMS delivery is handled by our provider, Twilio.
- Identity verification data. To keep Outish safe, every member completes identity verification at signup. This involves an image of a government-issued ID (e.g., driver's license or passport) and a selfie used for a "liveness" check. This verification — including the processing of the document image and facial/biometric data used to confirm a live match — is performed by Stripe Identity. We receive the result of verification (e.g., verified / not verified) and limited details such as your verified name; we do not retain copies of your ID images or biometric templates ourselves. See Section 7 for more on biometric data.
- Payment information. Subscriptions are processed by Stripe. We do not collect or store your full card number — Stripe handles payment data directly. We receive your subscription status and billing metadata.
- Profile details. Your name, handle, and an optional profile photo.
- Broadcast content. The short activity text, optional note, end time, and exact location you choose to include when you post a broadcast.
- Support communications. Anything you send us when you contact support.
Information collected automatically or with your permission
- Precise location. We access your device's precise location only when you actively create a broadcast, to attach a place to it. We do not track your location in the background and we do not build a location history.
- Contacts (for friend matching). If you choose to find friends from your contacts, contact identifiers are hashed on your device (HMAC) before being sent to us, and we only use them to match against other members. We do not store your raw address book.
- Push notification tokens. If you enable notifications, we store a device push token so we can notify you about friend broadcasts and "I'm in" responses.
- Device & diagnostic data. Basic device information, app version, and crash/error logs, used to keep the app reliable. Crash and error reporting is handled by Sentry.
3. How we use your information
- To create and secure your account and verify you're a real person.
- To operate core features: broadcasts, the friend graph, the home feed and map, and "I'm in" signals.
- To process your subscription and manage billing.
- To send you the notifications you've opted into.
- To detect, prevent, and respond to fraud, abuse, safety issues, and violations of our Terms.
- To provide support and to maintain and improve the app.
- To comply with legal obligations.
We do not use your information for advertising, and we do not sell it.
4. How information is shared
We share information in limited ways:
- With your mutual friends. Your name, handle, photo, and any broadcast you post (including its location) are visible to the people you've mutually accepted as friends. People who tap "I'm in" on the same broadcast can see each other's names.
- With service providers who process data on our behalf, under contract. These include:
| Provider | Purpose |
|---|---|
| Stripe | Identity verification (Stripe Identity) and subscription payments |
| Twilio | Sending SMS verification codes |
| Maps/places for broadcast locations; app distribution & push delivery (Android) | |
| Supabase | Database & backend data storage |
| Railway | Application hosting |
| Cloudflare | Web hosting, DNS, and security |
| Sentry | Crash and error monitoring |
- For legal and safety reasons. We may disclose information if required by law, or to protect the rights, safety, and security of our members, the public, or Outish.
- In a business transfer. If Outish is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction.
5. Data retention
- Broadcasts are ephemeral. A broadcast and its attached location are removed after it expires or you close it. We do not keep a server-side location history tied to your profile.
- Account data (profile, phone number, verification status, friend graph) is retained while your account is active.
- Billing and verification records may be retained by us or by Stripe as required for financial, legal, and fraud-prevention purposes.
- When you delete your account, we delete or de-identify your personal data, except where we must retain limited records to meet legal obligations. See our Account Deletion page.
6. Your choices and rights
- Access & deletion. You can request a copy of your data or delete your account at any time — see how to delete your account.
- Permissions. You can control location, contacts, and notification permissions in your device settings; some features won't work without them.
- Notifications. You can turn push notifications off globally or per friend in the app.
7. Biometric information
Identity verification uses facial recognition technology to confirm that the selfie you take matches your government ID and that you are a live person. This processing is performed by Stripe Identity as part of the verification flow, in accordance with Stripe's policies. We use this only to verify identity and prevent fraud — never for advertising or tracking — and we do not sell or share biometric data. We do not retain your biometric identifiers after verification beyond what is necessary to record that you were verified.
8. California privacy rights (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know the categories and specific pieces of personal information we collect, use, and disclose.
- Request deletion of your personal information.
- Request correction of inaccurate personal information.
- Not be discriminated against for exercising your privacy rights.
We do not sell or share your personal information as those terms are defined under California law, and we do not use sensitive personal information (such as your identity-verification data) for purposes other than those described in this policy. To exercise these rights, email support@outish.app. We will verify your request using your account information before acting on it. You may use an authorized agent to submit a request on your behalf.
9. Children
Outish is intended only for adults 18 and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from someone under 18, we will delete it.
10. Security
We use technical and organizational measures to protect your information, including encryption in transit, restricted access, and reputable infrastructure providers. No system is perfectly secure, but identity verification, payment handling, and biometric processing are handled by specialized providers (Stripe) built for that purpose.
11. Changes to this policy
We may update this policy from time to time. If we make material changes, we'll update the "Last updated" date above and, where appropriate, notify you in the app.